Mailing List Archive: Timeout when signing

Timeout when signing

Mar 18, 2021, 6:57 AM

Post #1 of 3 (217 views)

Hi,

I'm trying to encrypt and sign a large file. It takes a while to do this,
and I then do other things while this is happening. It then completes and
presumably asks me for my key passphrase, but I miss this and it times out,
so all I see is the following error message:

gpg: signing failed: Timeout
gpg: file.gz: sign+encrypt failed: Timeout

I guess that it is actually pinentry that times out, and gpg just passes on
the error from pinentry?

How can I configure this timeout?

My /usr/bin/pinentry on my (Gentoo) system is a symlink to
/usr/bin/pinentry-gtk-2, but since I am doing this over SSH without X
forwarding, and it is working fine (and asking me in a curses based
interface), I don't think pinentry-gtk-2 is actually the pinentry program
being used, but I don't really understand how this works TBH. I do know
that Gentoo uses Gentoo's eselect utility to manage the /usr/bin/pinentry
symlink, but it seems like gpg is smart enough to use the appropriate
version if this isn't appropriate, somehow. Can anyone explain this, or
point me to where it is explained?

Many thanks in advance.

Kind regards,
Nick

Re: Timeout when signing [ In reply to ]

angel at pgp

Mar 18, 2021, 5:52 PM

Post #2 of 3 (217 views)

Permalink

On 2021-03-18 at 13:57 +0000, Nick Cripps via Gnupg-users wrote:
> Hi,
>
> I'm trying to encrypt and sign a large file. It takes a while to do
> this, and I then do other things while this is happening. It then
> completes and presumably asks me for my key passphrase, but I miss
> this and it times out, so all I see is the following error message:
>
> gpg: signing failed: Timeout
> gpg: file.gz: sign+encrypt failed: Timeout
>
> I guess that it is actually pinentry that times out, and gpg just
> passes on the error from pinentry?
>
> How can I configure this timeout?
>
> My /usr/bin/pinentry on my (Gentoo) system is a symlink to
> /usr/bin/pinentry-gtk-2, but since I am doing this over SSH without X
> forwarding, and it is working fine (and asking me in a curses based
> interface), I don't think pinentry-gtk-2 is actually the pinentry
> program being used, but I don't really understand how this works TBH.
> I do know that Gentoo uses Gentoo's eselect utility to manage the
> /usr/bin/pinentry symlink, but it seems like gpg is smart enough to
> use the appropriate version if this isn't appropriate, somehow. Can
> anyone explain this, or point me to where it is explained?
>
> Many thanks in advance.
>
> Kind regards,
> Nick

What are your caching preferences? I would first sign an empty/ummy
file, so it asks for the passphrase and unlocks the private key, then
perform the real operation (which will hopefully not require your
input).

Kind regards

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Timeout when signing [ In reply to ]

gnupg-users at gnupg

Mar 19, 2021, 12:22 AM

Post #3 of 3 (217 views)

Permalink

On Thu, 18 Mar 2021 13:57, Nick Cripps said:

> I'm trying to encrypt and sign a large file. It takes a while to do this,
> and I then do other things while this is happening. It then completes and
> presumably asks me for my key passphrase, but I miss this and it times out,

I know this problem but there is no good solution for this. We could
hack around it for on-disk keys but as soon as a smartcard is used, that
smartcard may want a PIN in any case and thus any delayed cache expiring
won't help.

> How can I configure this timeout?

Put

pinentry-timeout 3600

into gpg.agent.conf for a one hour timeout:

This option asks the Pinentry to timeout after n seconds with no
user input. The default value of 0 does not ask the pinentry to
timeout, however a Pinentry may use its own default timeout value
in this case. A Pinentry may or may not honor this request.

Salam-Shalom,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

Mailing List Archive

Mailing List Archive

Attached Files: